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DETAILED ACTION 

1 . This Office Action is in response to Claim Amendments and Remarks received 
06/20/2007. Per Applicant's request, claims 1, 4, 5, 7, 10, 1 1, 12-19, and 21-24 are amended. 
Claims 3 and 20 are cancelled. Claims 1, 2, 4-19, and 21-25 are pending. 

Drawings 

2. Replacement sheet FIG. 1 has been entered. 

Claim Objections 

3. In view of the amendments to claims 7, 13, 14, and 22, the prior objections are hereby 
withdrawn. 

Claim Rejections - 35 USC§112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

4. Claims 1-11 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

Claim 1 does not clearly present that it is the second electronic execution environment 
subsection(s) that are modified to cause a transfer of execution control. Consider rewording 
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preamble, as program is not configured to execute within a first electronic execution 
environment. (Some segments are encrypted and will only execute in a second environment.) 
Considering the use 'steps' in dependent claims, 'steps' in the preamble provide antecedent 
basis. 

Suggested claim language: 

A process for modifying a application computer program [that is configured to execute within a 
first electronic execution environment], said process steps comprising: 

incorporating into said application computer program an execution controller that is configured 
to launch concurrently with said application computer program, said execution controller to 
execute as a debugger within a second electronic execution environment different from a first 
electronic execution environment; 

identifying boundaries of said first electronic execution environment and said second electronic 
execution environment subsections of said application computer program; and 

modifying said (one or more?) second electronic execution environment subsection, so that upon 
encountering said second electronic execution environment subsection, when executing in said 
first electronic environment, execution control transfers to said execution controller for execution 
of said second electronic execution environment subsection. 
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Claim Rejections - 35 USC § 101 

6. In view of the amendments to claims 12 and 19, the prior 35 U.S.C. 101 rejections are 
hereby withdrawn. 

Response to Arguments 

7. Applicant's arguments filed have been fully considered but they are not persuasive. 

Applicant has argued, in substance, the following: 

(A) Regarding independent claim 1, as noted on page 12, 2 nd paragraph of Remarks, Horning 
does not disclose "an execution controller that is configured to execute as a debugger" or 
"causing a transfer of execution control to said execution controller." In contrast a specific 
function of Horning is to prevent an application computer program from executing under a 
debugger. 

Examiner's Response: 

It seems that the Horning reference and Applicant's use of the term 'debugger' is used in 
different ways. 

Microsoft Dictionary Fifth Edition (2002), debugger, page 148: A program designed to aid in 
debugging another program by allowing the programmer to step through the program, examine 
the data, and monitor conditions such as the values of variables. 
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Paragraphs (Horning: [0086], [0087], [0226]) pointed to by Applicant, disclose that Horning 
desired to provide code that would prevent dynamic analysis of code such as an attacker may try 
using a debugger. (In this sense, an attacker using a debug tool to pick apart the code to 
determine code sequences or values.) 

Applicant's Specification discloses, [0006], "The Execution Controller interacts with the 
operating system as a debugger and controls the execution of the application. Execution control 
is transferred to a debugger/decryption routine (hereafter called an Execution Controller) when 
the operating system detects an illegal address, instruction, or modified opcode in a protected 
executable file/' 

Thus, Applicant's use of the term 'debugger' is a 'decrypted of modified opcode, controlled by 
the Execution Controller. Applicant's term 'debugger' is used to convey a tool that Execution 
Controller uses to control execution of the application. 

Applicant recites at [0034] that the functions of the Execution Control 40 will be described more 
fully below. [0035-0045], The Execution Controller attaches to the main process, may obtain 
key indices / identifiers from headers, retrieve corresponding cipher-text (second electronic 
execution environment), authenticates/ verifies, decrypts and enables main process to resume 
execution. 
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Analogously to Horning (at Horning [0226]), Applicant disclosed, [0007] The Execution 
Controller has its own code for managing decryption and tamper protection. The Execution 
Controller also prevents the user from loading his own instantiation of a debugger to take control 
of the application. The execution Controller detects whether there have been any attempts to 
tamper with the protected executable and responds to tampering. 

Although the above functions are generally summarized, they represent the interaction with the 
operating system by the Execution Controller using a 'debugger 5 tool during program execution. 

Claim Rejections - 35 USC §102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C, 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

9. Claims 1 -25 are rejected under 35 U.S.C. 1 02(e) as being anticipated by US Patent 
Application Publication 2005/0204348 Al to Horning et al 

Per claim 1 : 

A process for modifying an application computer program that is configured to execute within a 
first electronic execution environment, said process comprising: 
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-incorporating into said application computer program an execution controller that is configured 
to execute as a debugger within a second electronic execution environment different from said 
first electronic execution environment; 

-identifying boundaries of a subsection of said application computer program; 

-modifying said subsection of said application computer program to a form which, when 
executed within the first electronic execution environment, causes a transfer of execution control 
to said execution controller. 

Horning: [0071-0072], obfuscation transformations to a target program procedures or modules 
[0090-0099], binary modification tools, identify basic blocks, procedures, insert instructions 
before and / or after other identified instructions, rewrite and / or modify, insert new functions... 
Horning: [0081], obfuscated program will typically be functionally equivalent to the original 
program Horning: [0087], A variety of tools and techniques can be used to perform obfuscating 
transformation on a target computer program. [0594], provide internal tracing and debugging 
features. 

Per claim 2: 

-wherein a boundary of said subsection is a flow control instruction. 
Horning: [0092-0094], basic blocks, procedures 
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Per claim 4: 

-modifying said subsection of said application computer program includes a step of adding an 
instruction that causes a transfer of execution control to said execution controller. 

Horning: [0072], a software self defense control program. . .including. . .obfuscation 
transformations. . .to a target program; procedures or modules for adding tamper resistance 
measures to target program; and / or procedures or modules for applying watermarks... [0594], 
Provide internal tracing and debugging features... for generating (encrypted) trace and debugging 
messages... will support failure diagnosis... 

Per claim 5: 

-modifying said subsection of said application computer program includes a step of encrypting at 
least a portion of said subsection of said application computer program. 

Horning: [0073], cryptographic keys, encryption and decryption. . . [0096], ability to rewrite and 
/ or modify existing instructions [01 16], by encrypting the program's code 

Per claim 6; 

-modifying said subsection of said application computer program further includes a step of 
relocating at least a portion of said encrypted portion of said subsection to a location distinct 
from the location of the corresponding unmodified subsection of said application computer 
program. 
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Horning: [008 1 ], obfuscated program may demonstrate different space and time behavior 
[0099], ability to update other program sections such as the relocation information [0254], 
encrypting code sequences and inserting calls to, e.g., a support function that decrypts those code 
sequences prior to execution [0376], move pieces of code 

Per claim 7: 

-modifying said subsection of said application computer program includes a step of adding 
functionality for the execution controller to communicate with a remote process, wherein the 
remote process does not execute within either the first or second execution environments. 
Horning: [053 1 -0533], External agents can send a key . . .tell it to calculate the MAC value for 
the appropriate code region... Agent compares received MAC value... If the MAC values match 
then the SDP (self defense program) is deemed valid 

Per claim 8: 

-said remote process is a process that authorizes continued execution of the application computer 
program. 

Horning: [0532], deemed valid 
Per claim 9: 

-said remote process is a cryptographic key management process. 
Horning: [0531-0533], sending keys 
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Per claim 10: 

-said execution controller communicates information about execution of said computer 
application program. 

Horning: [0483-0484], [0490], suspected tampering should be reported externally for fraud 
detection... connect to an external site... external tamper monitoring agent. 

Per claim 1 1 : 

-said information is information about tampering with said application computer program. 
Horning: [0483-0484], [0490], suspected tampering should be reported externally for fraud 
detection... connect to an external site... external tamper monitoring agent. 

Per claim 12: 

An apparatus for executing an application computer program, comprised of: 
a computer with an operating system; 

an application computer program having an executable portion in a form that can be executed in 
a first execution environment under the control of the operating system and a non-executable 
portion in a non-executable form; and 

an execution controller in a form that can be executed as a debugger in a second execution 
environment under the control of the operating system, said second execution environment 
distinct from said first execution environment, and wherein said execution controller converts the 
non-executable portion of the application computer program into a form that can be executed in 
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the first execution environment. 

Horning: See rejection of limitations as addressed in claim 1 above. Also, [0073], 
Convert encrypted portion into a form that can be executed. 

Per claim 13: 

-the non-executable portion of the application computer program includes an encrypted portion. 
Horning: [0073] 

Per claim 14: 

-the application computer program includes a portion capable of communicating with a remote 
process not within either the operating system or the execution controller. 
See rejection of limitations addressed in claim 7 above. 

Per claim 15: 

-the first remote process is a process that authorizes continued execution of the application 
computer program. 

Horning: [0519], external site can inspect the watchdogs [0531], external agents force an DSP to 
prove its own validity using keys 
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Per claim 16: 

-the first remote process is a cryptographic key management process. 
See rejection of limitations addressed in claim 9 above. 

Per claim 17: 

-the execution controller communicates information about execution of said application 
computer program to a second remote process, wherein the second remote process does not 
execute within the first execution environment or the second execution environment. 
Horning: [0483-0484], [0490], suspected tampering should be reported externally for fraud 
detection... connect to an external site... external tamper monitoring agent. 

Per claim 18: 

-the information about execution of said application computer program is information about 
tampering with the application computer program. 
See rejection of claim 1 1 above. 

Per claim 19: 

A process for executing a computer application program, comprising the steps of: 
-launching an operating system; 

-launching an application computer program, said application computer program having an 
executable portion in a form that can be executed in a first execution environment under the 
control of the operating system and a non-executable portion in a non-executable form; 
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-launching an execution controller, said execution controller in a form that can be executed as a 
debugger in a second execution environment distinct from the first execution environment; 
-using the execution controller to convert the non-executable portion of the application computer 
program to an executable form; 

-executing the application computer program within the first execution environment. 
See rejection of limitations addressed in claim 12 above. 



Per claim 21: 

-the non-executable portion of the application computer program is in encrypted form. 
See rejection of limitations addressed in claim 13 above. 

Per claim 22: 

-the execution controller communicates with a first remote process, wherein the first remote 
process does not execute under the control of either the application computer program or the 
execution controller. 

See rejection of limitations addressed in claim 7 above. 
Per claim 23: 

-the first remote process is part of a cryptographic key management process. 
See rejection of limitations addressed in claim 16 above. 
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Per claim 24: 

-the execution controller communicates information about execution of the application computer 
program to a second remote process, wherein the second remote process does not execute within 
the first execution environment or the second execution environment. 
See rejection of limitations addressed in claim 17 above. 

Per claim 25: 

-the information is information about tampering with the application computer program. 
See rejection of limitations addressed in claims 1 1 & 18 above. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
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CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

USPN 6,701,439 Bl to Dunn 

In the case of a suspected hacker or intrusion by an unauthorized entity, the fraud detection and 
nuisance reporting features 40 of the telecommunications switch 30 are employed to impede, 
discourage, and/or surveil the unauthorized entity. Ultimately, the hacker may be prosecuted 
under the wire fraud or harassment laws. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Mary Steelman, whose telephone number is (571) 272-3704. The 
examiner can normally be reached Monday through Thursday, from 7:00 AM to 5:30 PM If 
attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Wei 
Zhen can be reached at (571) 272-3708. The fax phone number for the organization where this 
application or proceeding is assigned: 571-273-8300. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the TC 2100 Group receptionist: 571-272-2100. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Mary Steelman 

MARY STEELMAN 
08/29/2007 PRIMARY EVamimeR 




